CN105718760A - Licensing in the cloud - Google Patents

Publication number
CN105718760A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201510817595.4A
Other languages
Chinese (zh)
Other versions
CN105718760B (en
Inventor
M·K·布汉达鲁
K·苏德
C·麦西奥科
I·山端
Y·蒋
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Intel Corp
Original Assignee
Intel Corp

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10 Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM]
    • G06F21/105 Arrangements for software license management or administration, e.g. for managing licenses at corporate level
    • G06F21/101 Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM] by binding digital rights to specific entities
    • G06F21/1011 Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM] by binding digital rights to specific entities to devices
    • G06F21/1014 Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM] by binding digital rights to specific entities to tokens
    • G06F21/107 License processing; Key processing
    • G06F21/1077 Recurrent authorisation
    • G06F21/12 Protecting executable software
    • G06F21/121 Restricting unauthorised execution of programs


Abstract

At least one machine readable medium comprising a plurality of instructions that in response to being executed by a system cause the system to send a unique identifier to a license server, establish a secure channel based on the unique identifier, request a license for activating an appliance from a license server over the secure channel, receive license data from the license server over the secure channel; determine whether the license is valid, and activate the appliance in response to a determination that the license data is valid.

Description

Licensing in the cloud
Technical field
The disclosed technology relates generally to licensing cloud software and, more specifically, to licensing cloud software using a secure, hardened licensing mechanism.
Background
With the emergence of virtualization and of cloud infrastructure, platforms and software deployed as services, applications and services that were traditionally licensed on the basis of hardware (e.g., firewalls, load balancers, WAN optimizers) are being deployed as virtual machines (VMs). Network function virtualization will provide cost savings by allowing common off-the-shelf hardware to be used in cloud infrastructure, and will accelerate innovation, because new features are easier to introduce in software without waiting for a new hardware release cycle. Currently available licensing solutions are proprietary, are not designed for the cloud, and are not rooted in hardware, which provides greater security.
Brief description of the drawings
In the drawings, embodiments of the disclosed technology are illustrated by way of example and not by way of limitation, and like reference numerals refer to similar elements.
Fig. 1 shows a license management system in the context of a cloud, where an appliance or virtual network function can run on a bare-metal machine or on a hypervisor.
Fig. 2 shows a licensed appliance with a license broker located on a client host.
Fig. 3 shows a virtualized environment using the secure, hardened licensing mechanism.
Fig. 4 shows a high-level flowchart of an embodiment of the disclosed technology.
Fig. 5 shows the messages between the license broker and the license server.
Fig. 6 shows an example computing device suitable for practicing the disclosure according to various embodiments.
Fig. 7 shows an article of manufacture having programming instructions and incorporating aspects of the disclosure, according to various embodiments.
Detailed description
As used herein, appliance and virtual network function (VNF) are used interchangeably to refer to licensed applications and services. Embodiments of the disclosed technology root the licensing operations in hardware by using Intel Software Guard Extensions (SGX) technology, discussed in more detail below, or another trusted execution engine (TEE). These are referred to herein as an SEC (security device). An SEC can refer to SGX or a TEE.
As discussed above, Fig. 1 shows a license management system in the context of a cloud environment, where a VNF can run on a bare-metal machine, in a container or on a hypervisor. The cloud environment can include various client hosts 100, each of which includes an SEC 102 in hardware. Each SEC 102 includes license key data that is unique to that SEC and is stored in the SEC 102. Fig. 2 shows a licensed appliance 200 or VNF that can be located on each client host 100. The licensed appliance 200 includes a license broker 202 that communicates with the SEC 102.
The license broker 202 can communicate securely with the license server to verify a license through the SEC 102. That is, the license broker 202 can communicate with the SEC 102 on the client host 100, and that SEC 102 then uses the secure license key data to communicate securely with the SEC 102 in the license server 104.
As noted above, the license key data is unique to each SEC 102, and both the license and the key data itself are protected against tampering. As discussed in more detail below with reference to Fig. 4, the appliance 200 is activated only after the license broker 202 determines that the license is valid.
Fig. 3 shows a license management system running in a cloud virtualized environment. As discussed above, however, this license management system can also run on a bare-metal machine or in a container. The embodiment of Fig. 3 includes clients 302, which are connected through a backhaul 306 to the VNF/VMs 304 in the cloud virtualized environment 300. A hypervisor hosts one or more VNFs, which are collectively referred to herein as VNF/VMs 304. The clients 302 are also referred to as cloud tenants. The backhaul 306 can be any part of the network between the cloud virtualized environment and the clients. The SEC 308 in each of the VNF/VMs 304 communicates with the license server system 310, which also includes an SEC 308. The cloud virtualized environment 300 can include a hypervisor or cloud operating system (OS) 312 (e.g., OpenStack) and a platform 314. For ease of discussion, the hypervisor or cloud OS 312 is referred to below as the cloud OS 312. As those skilled in the art will readily appreciate, however, any of a hypervisor, a cloud OS or an equivalent system can be used. Each physical compute host supporting the cloud virtualized environment 300 has a platform 314, and each platform 314 includes a secure clock 316. Each physical compute host supporting the license server also has an SEC 308 and a secure clock 316. As discussed in detail below with reference to Fig. 4 and Fig. 5, because the SEC 308 has access to the secure clock 316, time-manipulation attacks are reduced.
Fig. 4 shows an example high-level flow of some embodiments of the disclosed technology for licensing the activation of a VNF on a VM. Although Fig. 4 shows the cloud OS performing various operations, the cloud OS can focus on launching VMs and delegate the tasks of obtaining and renewing licenses to the VNF. The high-level flow shown in Fig. 4 can be used across all independent software vendors (ISVs) and cloud operating systems that wish to obtain confirmation via a valid license. In operation 400, the SEC in each VM reads the time from the secure clock. A platform- or silicon-based random number generator can also be used to obtain key entropy and as a seed that the SEC uses to detect session replay. A hardware random number generator provides a particularly useful stream of abundant randomness in the license server, for nonce generation, for establishing secure communication channels, and so on. This is particularly useful in the cloud, where traditional entropy sources (e.g., mouse movements and keystrokes) are unavailable. In operation 402, keys are retrieved from the SEC associated with the VM (these keys can be fuse keys, root keys or Trusted Platform Module (TPM) keys) in order to create a secure channel with the license server. In operation 404, the keys retrieved by the license broker are sent, via the SEC associated with the VM/VNF, to the SEC associated with the license server. This establishes a secure channel between the VM/VNF and the license server, and ensures that the license is protected from unauthorized exposure and copying outside this secure channel, because each SEC has its own unique set of keys.
In operation 406, the client triggers VM/VNF activation at the cloud OS. When the client requests activation, in operation 408 the cloud OS sends the VM/VNF a request to be activated if the license is valid. As noted above, however, the VNF can send an activation request or a license renewal request periodically or at startup. In turn, as described in more detail below with reference to Fig. 5, the VM/VNF sends the client's license data (which can include client metadata) to the SEC associated with the VM/VNF. In operation 410, the VM/VNF asks the SEC to verify the license. Then, in operation 412, the license data, including the client metadata, is exchanged over the secure channel established between the SEC associated with the VM/VNF and the SEC associated with the license server, and the SEC associated with the VM/VNF determines whether the license is valid. In operation 414, the SEC associated with the VM/VNF notifies the SEC associated with the license server whether the license was previously valid or invalid. In operation 416, the SEC associated with the VM/VNF also notifies the SEC associated with the license server whether the license is currently valid or invalid. In operation 418, the license data (which can include client metadata) is also verified against the license data held in the license database.
In operation 420, based on the validity of the license, the SEC associated with the license server either triggers activation of the VM/VNF at the cloud OS or halts activation of the VM/VNF at the cloud OS. Then, in operation 422, the cloud OS activates or stops the VM/VNF based on the trigger received from the SEC associated with the license server.
The VNF may fail to start for the client or cloud tenant, and may be unable to report the issue to the client or cloud tenant. The cloud OS can also be alerted to this failure so that some corrective action can be taken, for example notifying the cloud tenant if license fees payable have not been paid, or when the cloud provider obtains more licenses because the cloud tenant's usage has increased. Depending on the situation, the cloud OS can also suspend the VNF, reclaim its resources and reallocate them.
In an alternative embodiment, per-platform license verification can be added by extending the scheme of Fig. 4. The SEC of each platform signs a license authentication binary object (blob) that includes a software ID, MAC address, hostname or platform system ID, secure time value, nonce, and so on, and this license blob is also passed to the SEC associated with the license server.
In an alternative embodiment, when a VM migrates, license authorization during the VM/VNF migration can be handled through network transparency across the SECs. In this case, the cloud OS triggers license activation while it is enacting the VM/VNF migration. A license-server-aware cloud can send the license server a secure message indicating the VM migration event. The cloud OS will be aware of whether a special VM is being launched, as it is for service VMs (e.g., firewalls, load balancers). Because each SEC has a distinct, unique key that is never exposed outside that SEC, the license server does not assume any unauthorized use of those credentials. Each SEC associated with a VM/VNF therefore has a unique communication connection to the license server's SEC, and license authentication is protected by non-repudiation.
Fig. 5 shows the message exchange between the license broker and the license server. In the background, the license server continually reaps licenses that have not been refreshed for several consecutive refresh periods. The license server can also generate signed audit logs and statistics at the end of each day, for example the number of licenses in concurrent use, the typical duration of use, and the number of failed license requests. That is, when messages are lost or reordered, the license server checks, verifies and repairs its state in the background. For example, if a license release message is lost, the license is considered held or in use. In the background, the license server can periodically check for dangling licenses and, if the number of licenses has reached its limit, the license server attempts to collect these dangling licenses and release them for the benefit of clients.
In operation 500, a license is requested from the license server via the associated SEC. This involves using the secure clock and sending the client host's metadata to the license server, for example the client's MAC address, hostname, IP address and time. As discussed above, this information can be transmitted securely through the SEC. In operation 502, the license server uses the client's metadata to create a license and sends the license to the license broker. The license includes an expiration based on the client time and the lease period, and an expiration based on the server time and the lease period. The license also includes the client's hostname, MAC address and IP address, and a server timestamp. The license is stored in the license database, signed together with the attached document, and then distributed to the license broker. When the license broker receives the license in operation 502, it verifies the license signature and caches the license in the SEC associated with the license broker. As long as the client expiration time is less than the actual client time, the license is valid and can be used by the client.
That is, the license is verified via the SEC by comparing the expiration timestamp captured in the license with the secure-clock-based timestamp on the local server, as provided by the VM seeking verification. If no secure timestamp can be established by the VM and/or the license server, a timestamp established using NTP on the license server is used. The license server is generally more trustworthy than individual compute nodes and the VMs running on those compute nodes.
Through a background process, the license broker can periodically verify that the appliance can be used with the cached license, and can send keep-alive or renewal messages to the license server; this background process checks that the expiration time has not been passed by the local secure clock. When no license refresh response has arrived from the license server after several verification periods, the license broker instructs the VM to shut the appliance down.
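The issue, verify, cache and keep-alive behaviour described for operations 500 and 502 and for the broker's background check can be expressed in code as follows. This is an added example, not code from the patent: the HMAC key stands in for the SEC-protected signing key, the names issue_license, verify_signature, LicenseBroker and MAX_MISSED_REFRESHES (and its value of 3) are assumptions, and a license is treated as usable while the secure-clock time has not passed the client expiry.

```python
import hashlib
import hmac
import json

# Assumption: an HMAC key stands in for the SEC-held signing key; the page
# says the license is signed but does not name an algorithm.
SERVER_KEY = b"constructed-demo-key"
MAX_MISSED_REFRESHES = 3  # assumed value for "several verification periods"


def _sign(body, key):
    payload = json.dumps(body, sort_keys=True).encode()
    return hmac.new(key, payload, hashlib.sha256).hexdigest()


def issue_license(meta, client_time, server_time, lease, key=SERVER_KEY):
    """Server side (operation 502): build a license from client metadata."""
    body = {
        "hostname": meta["hostname"],
        "mac": meta["mac"],
        "ip": meta["ip"],
        "client_expiry": client_time + lease,   # client time + lease period
        "server_expiry": server_time + lease,   # server time + lease period
        "server_timestamp": server_time,
    }
    return {"body": body, "sig": _sign(body, key)}


def verify_signature(lic, key=SERVER_KEY):
    """Constant-time check that the license body was signed by the server."""
    return hmac.compare_digest(_sign(lic["body"], key), lic["sig"])


class LicenseBroker:
    """Broker side: verifies, caches and periodically re-checks a license."""

    def __init__(self, meta, key=SERVER_KEY):
        self.meta = meta
        self.key = key
        self.cached = None    # stands in for the cache inside the SEC
        self.missed = 0       # verification periods without a refresh
        self.active = False   # whether the appliance is allowed to run

    def accept(self, lic, secure_now):
        """Verify a received license against this host and the secure clock."""
        if not verify_signature(lic, self.key):
            return "bad-signature"
        body = lic["body"]
        if any(body[k] != self.meta[k] for k in ("hostname", "mac", "ip")):
            return "wrong-host"
        if secure_now >= body["client_expiry"]:
            return "expired"
        self.cached, self.missed, self.active = lic, 0, True
        return "activated"

    def tick(self, secure_now, refreshed=None):
        """One background verification period; `refreshed` is the server's
        refresh response for this period, or None if none arrived."""
        if self.cached is None:
            return "inactive"
        if secure_now >= self.cached["body"]["client_expiry"]:
            self.cached, self.active = None, False   # release and clear cache
            return "expired"
        if refreshed is not None and self.accept(refreshed, secure_now) == "activated":
            return "refreshed"
        self.missed += 1
        if self.missed >= MAX_MISSED_REFRESHES:
            self.active = False                      # shut the appliance down
            return "shutdown"
        return "ok"
```

The caller passes secure_now from the platform's secure clock rather than the guest's wall clock, which is what keeps a rolled-back VM clock from extending the lease.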
In operation 504, as discussed above, a license renewal request is sent from the license broker to the license server. If the license metadata matches the license data stored in the license database and the license has not expired, the license is renewed. If the license has expired, an expired message is returned to the license broker, the license is reaped, and the license ID is disabled. If the license metadata and/or signature do not match what is stored in the license database, it is likely that a clone or a migration of the VM is attempting to use the license. During a clean VM migration, as discussed above, the license server is notified, the license is reaped, and it should be reissued on request from the new client host. In operation 506, a license refresh or an error code is sent to the license broker. The license server logs all requests, responses and errors, and the log can be stored in the license database.
If the license broker receives an error message, a new license can be requested in operation 500. Otherwise, the license refresh is verified and the refresh time is updated at the license broker. When the license has expired, then in operation 508 the license is released from the license broker and removed from the cache of the SEC associated with that license broker, the license is reaped at the license server, and the event is logged.
When a VM is suspended, stopped or migrated, the license broker triggers a license reaping event, which includes clearing the local cache of the license and publishing a message to the license server that releases the license. This allows the floating licenses to be used up to their maximum number.
A VM/VNF or appliance can be cloned in various ways. When a clone is launched, the administrator has the option of requesting a new MAC address or reusing the MAC address of the original VM/VNF. The embodiments disclosed above isolate against misuse of the license by rejecting any license renewal request from a clone, because the clone will fail to match on one of the MAC address, IP address, hostname and/or SEC signature. The clone can then request a new license, and a new license can be issued if any is available.
To prevent license spoofing, a VM/VNF must contact the license server whenever it is started, whether at first power-on, after migration to a new client host, or on reactivation after a pause. As discussed above, on hardware with SGX and/or TEE capability, these messages can be signed with a host-specific key. A clone will not match the license key issued for the original request.
In the absence of hardware with SGX and/or TEE capability, if two or more VM/VNFs present themselves with the same combination of hostname and MAC address, or if refresh timestamps arrive at the server faster than expected, the license refresh is refused with a "possible clone" message code. This protects the original VM/VNF from denial of service while refusing the clone service outright. However, it also refuses any VM/VNF that has been migrated to a new client host. After receiving the "possible clone" message, the VM/VNF must issue a get-license message, as shown in operation 500 of Fig. 5 above.
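The server-side rules described for operations 504 to 508, the background reaping of unrefreshed licenses, and the clone checks above can be combined in one small license server. This is an added example, not code from the patent: the class and method names, the response codes other than the "possible clone" idea, and the timing constants are assumptions, and the plain sec_sig string stands in for a message signature made with a host-specific SEC key.

```python
# Assumed timing values; the page only speaks of "several" refresh periods
# and of refreshes arriving "faster than expected".
REFRESH_PERIOD = 60      # seconds between expected renew/keep-alive messages
MIN_REFRESH_GAP = 30     # renewals closer together than this suggest two senders
REAP_AFTER_MISSED = 3    # unrefreshed periods before a license counts as dangling


class LicenseServer:
    def __init__(self, pool_size, lease=300):
        self.pool_size = pool_size   # number of floating licenses
        self.lease = lease
        self.db = {}                 # license id -> record (the license database)
        self.disabled = set()        # ids that were reaped, expired or released
        self.log = []                # all requests, responses and errors
        self._next_id = 1

    def _reply(self, now, op, lid, code):
        self.log.append((now, op, lid, code))
        return code

    def _retire(self, lid):
        del self.db[lid]
        self.disabled.add(lid)

    def reap(self, now):
        """Background task: reclaim expired or dangling licenses."""
        stale = [lid for lid, rec in self.db.items()
                 if now >= rec["expiry"]
                 or now - rec["last_refresh"] >= REAP_AFTER_MISSED * REFRESH_PERIOD]
        for lid in stale:
            self._retire(lid)
            self._reply(now, "reap", lid, "REAPED")
        return stale

    def get_license(self, meta, sec_sig, now):
        """Operations 500/502: issue a license if the pool has one free."""
        self.reap(now)
        if len(self.db) >= self.pool_size:
            return None, self._reply(now, "get", None, "NO_LICENSE_AVAILABLE")
        lid = self._next_id
        self._next_id += 1
        self.db[lid] = {"meta": dict(meta), "sec_sig": sec_sig,
                        "expiry": now + self.lease, "last_refresh": now}
        return lid, self._reply(now, "get", lid, "ISSUED")

    def renew(self, lid, meta, sec_sig, now):
        """Operations 504/506: refresh, or answer with an error code."""
        rec = self.db.get(lid)
        if rec is None:
            return self._reply(now, "renew", lid, "UNKNOWN_LICENSE")
        # Metadata or SEC signature mismatch: a clone or a migrated VM.
        if meta != rec["meta"] or sec_sig != rec["sec_sig"]:
            return self._reply(now, "renew", lid, "POSSIBLE_CLONE")
        if now >= rec["expiry"]:
            self._retire(lid)
            return self._reply(now, "renew", lid, "EXPIRED")
        # Without SEC hardware an identical clone still matches; refreshes
        # arriving faster than expected are the remaining signal.
        if now - rec["last_refresh"] < MIN_REFRESH_GAP:
            return self._reply(now, "renew", lid, "POSSIBLE_CLONE")
        rec["expiry"] = now + self.lease
        rec["last_refresh"] = now
        return self._reply(now, "renew", lid, "REFRESHED")

    def release(self, lid, now):
        """Broker released the license (VM suspended, stopped or migrated)."""
        if lid not in self.db:
            return self._reply(now, "release", lid, "UNKNOWN_LICENSE")
        self._retire(lid)
        return self._reply(now, "release", lid, "RELEASED")
```

A rejected renewal leaves the stored record untouched, so the original holder keeps its lease and the rejected sender has to go back to get_license, which succeeds only if the pool still has a free license.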
Fig. 6 shows an example computing host 600. In some examples, as shown in Fig. 6, the computing host 600 can include a processing component 602, other host components 604 or a communication interface 606. According to some examples, the computing host 606 can be the client host 100 or license server 102 associated with Fig. 1, or the platform 314 and license server 310 associated with Fig. 3. The computing host 600 can be a single physical server or a composed logical server that includes a combination of disaggregated components or elements composed from a shared pool of configurable computing resources.
According to some examples, the processing component 602 can execute processing operations or logic for the storage medium 608. The processing component 602 can include various hardware elements, software elements, or a combination of both. Examples of hardware elements can include devices, logic devices, components, processors, microprocessors, circuits, processor circuits, circuit elements (e.g., transistors, resistors, capacitors, inductors, etc.), integrated circuits, application-specific integrated circuits (ASICs), programmable logic devices (PLDs), digital signal processors (DSPs), field-programmable gate arrays (FPGAs), memory units, logic gates, registers, semiconductor devices, chips, microchips, chipsets, and so on. Examples of software elements can include software components, programs, applications, computer programs, application programs, device drivers, system programs, software development programs, machine programs, operating system software, middleware, firmware, software modules, routines, subroutines, functions, methods, procedures, software interfaces, application programming interfaces (APIs), instruction sets, computing code, computer code, code segments, computer code segments, words, values, symbols, or any combination of these. Whether an example is implemented using hardware elements and/or software elements can vary according to any number of factors, such as the desired computation rate, power levels, heat tolerances, processing cycle budget, input data rates, output data rates, memory resources, data bus speeds and other design or performance constraints for a given example.
In some examples, the other host components 604 can include common computing elements, such as one or more processors, multi-core processors, co-processors, memory units, chipsets, controllers, peripherals, interfaces, oscillators, timing devices, video cards, audio cards, multimedia input/output (I/O) components (e.g., digital displays), power supplies, and so on. Examples of memory units can include, without limitation, various types of computer-readable and machine-readable storage media in the form of one or more higher-speed memory units, such as read-only memory (ROM), random-access memory (RAM), dynamic RAM (DRAM), double-data-rate DRAM (DDRAM), synchronous DRAM (SDRAM), static RAM (SRAM), programmable ROM (PROM), erasable programmable ROM (EPROM), electrically erasable programmable ROM (EEPROM), flash memory, polymer memory (e.g., ferroelectric polymer memory, ovonic memory, phase-change or ferroelectric memory, silicon-oxide-nitride-oxide-silicon (SONOS) memory), magnetic or optical cards, arrays of devices (e.g., redundant array of independent disks (RAID) drives), solid-state memory devices (e.g., USB memory), solid-state drives (SSDs) and any other type of storage medium suitable for storing information.
In some examples, the communication interface 606 can include logic and/or features to support a communication interface. For these examples, the communication interface 606 can include one or more communication interfaces that operate according to various communication protocols or standards to communicate over direct or network communication links. Direct communication can occur via the use of communication protocols or standards described in one or more industry standards (including progenies and variants), such as those associated with the PCIe specification. Network communication can occur via the use of communication protocols or standards such as those described in one or more Ethernet standards promulgated by the IEEE. For example, one such Ethernet standard is IEEE 802.3. Network communication can also occur according to one or more OpenFlow specifications (e.g., the OpenFlow Hardware Abstraction API specification). Network communication can also occur according to the InfiniBand architecture specification or the TCP/IP protocol.
As noted above, the computing host 600 can be implemented in a single server or in a logical server made up of composed disaggregated components or elements from a shared pool of configurable computing resources. Accordingly, the functions and/or specific configurations of the computing host 600 described herein can be included or omitted in various embodiments of the computing host 600, as suitably desired for a physical or logical server.
The components and features of the computing host 600 can be implemented using any combination of discrete circuitry, application-specific integrated circuits (ASICs), logic gates and/or single-chip architectures. In addition, where suitable, the features of the computing host 600 can be implemented using microcontrollers, programmable logic arrays and/or microprocessors, or any combination of the foregoing. Note that hardware, firmware and/or software elements may be collectively or individually referred to herein as "logic" or "circuit".
It should be appreciated that the example computing host 600 shown in block-diagram form in Fig. 6 can represent one functionally descriptive example of many potential implementations. Accordingly, the division, omission or inclusion of the block functions depicted in the accompanying figures does not imply that the hardware components, circuits, software and/or elements for implementing these functions would necessarily be divided, omitted or included in embodiments.
One or more aspects of at least one example can be implemented by representative instructions stored on at least one machine-readable medium that represents various logic within a processor; when read by a machine, computing device or system, these instructions cause the machine, computing device or system to fabricate logic to perform the techniques described herein. Such representations, known as "IP cores", can be stored on a tangible machine-readable medium and supplied to various customers or manufacturing facilities to be loaded into the fabrication machines that actually make the logic or processor.
Various examples can be implemented using hardware elements, software elements, or a combination of both. In some examples, hardware elements can include devices, components, processors, microprocessors, circuits, circuit elements (e.g., transistors, resistors, capacitors, inductors, etc.), integrated circuits, application-specific integrated circuits (ASICs), programmable logic devices (PLDs), digital signal processors (DSPs), field-programmable gate arrays (FPGAs), memory units, logic gates, registers, semiconductor devices, chips, microchips, chipsets, and so on. In some examples, software elements can include software components, programs, applications, computer programs, application programs, system programs, machine programs, operating system software, middleware, firmware, software modules, routines, subroutines, functions, methods, procedures, software interfaces, application programming interfaces (APIs), instruction sets, computing code, computer code, code segments, computer code segments, words, values, symbols, or any combination of these. Whether an example is implemented using hardware elements and/or software elements can vary according to any number of factors, such as the desired computation rate, power levels, heat tolerances, processing cycle budget, input data rates, output data rates, memory resources, data bus speeds and other design or performance constraints for a given implementation.
Some examples can include an article of manufacture, as seen in Fig. 7, or at least one computer-readable medium. Fig. 7 shows an article of manufacture 700 according to various embodiments, which has programming instructions and incorporates aspects of the disclosure. In various embodiments, the article of manufacture can be used to implement various embodiments of the disclosure. As shown, the article of manufacture 700 can include a computer-readable non-transitory storage medium 702, in which instructions 704 are configured to practice embodiments of, or aspects of embodiments of, any one of the processes described herein. The storage medium 702 can represent a broad range of persistent storage media known in the art, including but not limited to flash memory, dynamic random-access memory, static random-access memory, optical disks, magnetic disks, and so on. The instructions 704 can enable an apparatus, in response to their execution by the apparatus, to perform the various operations described herein. As an example, the storage medium 702 can include instructions 704 configured to cause an apparatus (e.g., the client host 100 or license server 102 associated with Fig. 1, or the platform 314 and license server 310 associated with Fig. 3) to practice some aspects of licensing an appliance as shown in the process of Fig. 4, according to embodiments of the disclosure. As another example, the storage medium 702 can include instructions 704 configured to cause an apparatus (e.g., the client host 100 or license server 102 associated with Fig. 1, or the platform 314 and license server 310 associated with Fig. 3) to practice some aspects of licensing an appliance as shown in the process of Fig. 5, according to embodiments of the disclosure. In embodiments, the computer-readable storage medium 702 can include one or more computer-readable non-transitory storage media. In other embodiments, the computer-readable storage medium 702 can be transitory, such as a signal encoded with the instructions 704.
A computer-readable medium may include a non-transitory storage medium for storing logic. In some examples, the non-transitory storage medium may include one or more types of computer-readable storage media capable of storing electronic data, including volatile or non-volatile memory, removable or non-removable memory, erasable or non-erasable memory, writeable or re-writeable memory, and so forth. In some examples, the logic may include various software elements, such as software components, programs, applications, computer programs, application programs, system programs, machine programs, operating system software, middleware, firmware, software modules, routines, subroutines, functions, methods, procedures, software interfaces, APIs, instruction sets, computing code, computer code, code segments, computer code segments, words, values, symbols, or any combination thereof.
According to some embodiments, a computer-readable medium may include a non-transitory storage medium for storing or maintaining instructions that, when executed by a machine, computing device, or system, cause the machine, computing device, or system to perform methods and/or operations in accordance with the described examples. The instructions may include any suitable type of code, such as source code, compiled code, interpreted code, executable code, static code, dynamic code, and the like. The instructions may be implemented according to a predefined computer language, manner, or syntax for instructing a machine, computing device, or system to perform a certain function. The instructions may be implemented using any suitable high-level, low-level, object-oriented, visual, compiled, and/or interpreted programming language.
Some examples may be described using the expression "in one example" or "an example" along with their derivatives. These terms mean that a particular feature, structure, or characteristic described in connection with the example is included in at least one example. The appearances of the phrase "in one example" in various places in this specification are not necessarily all referring to the same example.
Some examples may be described using the expression "coupled" or "connected" along with their derivatives. These terms are not necessarily intended as synonyms for each other. For example, descriptions using the terms "connected" and/or "coupled" may indicate that two or more elements are in direct physical or electrical contact with each other. The term "coupled", however, may also mean that two or more elements are not in direct contact with each other, but still cooperate or interact with each other.
The following examples pertain to additional examples of the technologies disclosed herein.
Example 1: A machine-controlled method for licensing a device on a machine, the method including: sending a unique identifier to a license server; establishing a secure channel based on the unique identifier; requesting, over the secure channel, a license from the license server for activating the device; receiving license data from the license server over the secure channel; determining whether the license is valid; and activating the device in response to a determination that the license is valid.
Example 2: The machine-controlled method of Example 1, wherein the secure channel is established using a security device, associated with the machine, that generates the unique identifier.
Example 3: The machine-controlled method of Example 2, wherein the security device includes software guard extension hardware or a trusted execution engine.
Example 4: The machine-controlled method of Example 1, further including: storing the license data in a memory associated with the machine.
Example 5: The machine-controlled method of Example 4, wherein the license data includes an expiration time and one of the following: a MAC address, an IP address, and a hostname of the machine.
Example 6: The machine-controlled method of Example 5, further including: deactivating the device if the machine time is after the expiration time.
Example 7: The machine-controlled method of Example 5, further including: determining the machine time based on a secure clock located on the machine; and deactivating the device if the machine time is after the expiration time.
Example 8: The machine-controlled method of Example 1, further including: requesting a license update after a predetermined period of time; receiving a license update response; and deactivating the device if the license update is invalid.
Example 9: At least one machine-readable medium including a plurality of instructions that, in response to being executed by a system, cause the system to: send a unique identifier to a license server; establish a secure channel based on the unique identifier; request, over the secure channel, a license from the license server for activating a device; receive license data from the license server over the secure channel; determine whether the license is valid; and activate the device in response to a determination that the license data is valid.
Example 10: The at least one machine-readable medium of Example 9, wherein the secure channel is established using a security device, associated with the machine, that generates the unique identifier.
Example 11: The at least one machine-readable medium of Example 10, wherein the security device includes software guard extension hardware or a trusted execution engine.
Example 12: The at least one machine-readable medium of Example 9, including instructions for further causing the system to store the license data in a memory associated with the machine.
Example 13: The at least one machine-readable medium of Example 12, wherein the license data includes an expiration time and one of the following: a MAC address, an IP address, and a hostname of the machine.
Example 14: The at least one machine-readable medium of Example 13, including instructions for further causing the system to: deactivate the device if the machine time is after the expiration time.
Example 15: The at least one machine-readable medium of Example 13, including instructions for further causing the system to: determine the machine time based on a secure clock located on the machine; and deactivate the device if the machine time is after the expiration time.
Example 16: The at least one machine-readable medium of Example 9, including instructions for further causing the system to: request a license update after a predetermined period of time; receive a license update response; and deactivate the device if the license update is invalid.
Example 17: A machine for running a device, the machine including: a security device configured to generate a unique identifier; and a processor configured to: receive the unique identifier from the security device; send the unique identifier to a license server; establish a secure channel based on the unique identifier; request, over the secure channel, a license from the license server for activating the device; receive license data from the license server over the secure channel; determine whether the license is valid; and activate the device in response to a determination that the license data is valid.
Example 18: The machine of Example 17, wherein the security device includes software guard extension hardware or a trusted execution engine.
Example 19: The machine of Example 17, further including a memory configured to store the license data.
Example 20: The machine of Example 17, wherein the license data includes an expiration time and one of the following: a MAC address, an IP address, and a hostname of the machine operating the machine.
Example 21: The machine of Example 17, further including a secure clock, wherein the processor is further configured to: receive the machine time from the secure clock; and deactivate the device if the machine time is after the expiration time.
Example 22: The machine of Example 17, wherein the processor is further configured to: receive a license update request from the machine; determine a license update response based on the license data stored in the license database; and send the license update response.
Example 23: The machine of Example 22, wherein the license update response includes a new license.
Example 24: The machine of Example 22, wherein the license update response includes a message indicating that the license is invalid.
Example 25: A machine-controlled method for providing license information from a license server to a machine, the method including: providing a unique identifier to the machine; establishing a secure channel based on the unique identifier; receiving a request for a license over the secure channel; receiving metadata from the machine; and sending license data to the machine.
Example 26: The machine-controlled method of Example 25, wherein the secure channel is established using a security device, associated with the license server, that generates the unique identifier.
Example 27: The machine-controlled method of Example 26, wherein the security device includes software guard extension hardware or a trusted execution engine.
Example 28: The machine-controlled method of Example 25, further including: storing the license data in a license database.
Example 29: The machine-controlled method of Example 25, wherein the license data includes an expiration time and the received metadata.
Example 30: The machine-controlled method of Example 29, wherein the metadata includes a MAC address, an IP address, and a hostname of the machine operating the machine.
Example 31: The machine-controlled method of Example 28, further including: determining whether the license is valid based on the license data stored in the license database and the received metadata.
Example 32: The machine-controlled method of Example 31, further including: receiving a license update request from the machine; determining a license update response based on the validity of the license data stored in the license database; and sending the license update response.
Example 33: The machine-controlled method of Example 32, wherein the license update response includes a new license.
Example 34: The machine-controlled method of Example 33, wherein the license update response includes a message indicating that the license is not valid.
Example 35: At least one machine-readable medium including a plurality of instructions that, in response to being executed by a system, cause the system to: send a unique identifier to a machine; establish a secure channel based on the unique identifier; receive a request for a license over the secure channel; receive metadata from the machine; generate license data based on the metadata; and send the license data to the machine.
Example 36: The at least one machine-readable medium of Example 35, wherein the secure channel is established using a security device, associated with the license server, that generates the unique identifier.
Example 37: The at least one machine-readable medium of Example 36, wherein the security device includes software guard extension hardware or a trusted execution engine.
Example 38: The at least one machine-readable medium of Example 35, including instructions for further causing the system to store the license data in a license database.
Example 39: The at least one machine-readable medium of Example 35, wherein the license data includes an expiration time and the received metadata.
Example 40: The at least one machine-readable medium of Example 39, wherein the metadata includes a MAC address, an IP address, and a hostname of the machine operating the machine.
Example 41: The at least one machine-readable medium of Example 38, including instructions for further causing the system to: determine whether the license is valid based on the license stored in the license database and the received metadata.
Example 42: The at least one machine-readable medium of Example 41, including instructions for further causing the system to: receive a license update request from the machine; determine a license update response based on the validity of the license data stored in the license database; and send the license update response.
Example 43: The at least one machine-readable medium of Example 42, wherein the license update response includes a new license.
Example 44: The at least one machine-readable medium of Example 42, wherein the license update response includes a message indicating that the license is not valid.
Example 45: A license server including: a security device configured to generate a unique identifier; and a processor configured to: send the unique identifier to a machine; establish a secure channel based on the unique identifier; receive a request for a license over the secure channel; receive metadata from the machine; generate license data based on the metadata; and send the license data to the machine.
Example 46: The license server of Example 45, wherein the security device includes software guard extension hardware or a trusted execution engine.
Example 47: The license server of Example 45, including instructions for further causing the system to store the license data in a license database.
Example 48: The license server of Example 45, wherein the license data includes an expiration time and the received metadata.
Example 49: The license server of Example 48, further including a secure clock, wherein the processor is further configured to: determine whether the license is valid based on the license server clock and the expiration time.
Example 50: The license server of Example 48, wherein the metadata includes a MAC address, an IP address, and a hostname of the machine operating the machine.
Example 51: The license server of Example 47, wherein the processor is further configured to: determine whether the license is valid based on the license stored in the license database and the received metadata.
Example 52: The license server of Example 51, wherein the processor is further configured to: receive a license update request from the machine; determine a license update response based on the validity of the license data stored in the license database; and send the license update response.
Example 53: The license server of Example 52, wherein the license update response includes a new license.
Example 54: The license server of Example 52, wherein the license update response includes a message indicating that the license is not valid.
Example 55: A machine-controlled method for licensing a device, the method including: requesting, by a client, use of a device on a machine; sending a first unique identifier to a license server in response to the request to use the device; sending a second unique identifier to the machine in response to the first unique identifier; establishing a secure channel between the machine and the license server based on the first unique identifier and the second unique identifier; requesting from the license server a license for activating the device; exchanging license data between the license server and the machine over the established secure channel; determining whether the license data is valid; and activating the device in response to a determination that the license data is valid.
Example 56: The machine-controlled method of Example 55, wherein the machine and the license server are each associated with a security device.
Example 57: The machine-controlled method of Example 56, wherein each security device includes software guard extension hardware or a trusted execution engine.
Example 58: The machine-controlled method of Example 55, further including: storing the license data in a license database associated with the license server; and storing the license data in the machine.
Example 59: The machine-controlled method of Example 58, wherein the license data includes an expiration time and one of the following: a MAC address, an IP address, and a hostname of the client operating the machine.
Example 60: The machine-controlled method of Example 59, further including: deactivating the device if the machine time is after the expiration time.
Example 61: The machine-controlled method of Example 59, further including: stopping the device if the license data in the license database does not match the license data stored in the machine.
Example 62: The machine-controlled method of Example 59, further including: removing the license data from the license database in response to a determination that the license is invalid.
Example 63: The machine-controlled method of Example 55, further including: requesting a license update via the machine after a predetermined period of time; and deactivating the device if the license update is invalid.
Example 64: At least one machine-readable medium including a plurality of instructions that, in response to being executed by a system, cause the system to: request, by a client, use of a device on a machine; send a first unique identifier to a license server in response to the request to use the device; send a second unique identifier to the machine in response to the first unique identifier; establish a secure channel between the machine and the license server based on the first unique identifier and the second unique identifier; request from the license server a license for activating the device; exchange license data between the license server and the machine over the established secure channel; determine whether the license data is valid; and activate the device in response to a determination that the license data is valid.
Example 65: The at least one machine-readable medium of Example 64, wherein the machine and the license server are each associated with a security device.
Example 66: The at least one machine-readable medium of Example 65, wherein each security device includes software guard extension hardware or a trusted execution engine.
Example 67: The at least one machine-readable medium of Example 64, further including instructions for further causing the system to: store the license data in a license database associated with the license server; and store the license data in the machine.
Example 68: The at least one machine-readable medium of Example 67, wherein the license data includes an expiration time and one of the following: a MAC address, an IP address, and a hostname of the client operating the machine.
Example 69: The at least one machine-readable medium of Example 68, further including instructions for further causing the system to: deactivate the device if the machine time is after the expiration time.
Example 70: The at least one machine-readable medium of Example 68, further including instructions for further causing the system to: stop the device if the license data in the license database does not match the license data stored in the machine.
Example 71: The at least one machine-readable medium of Example 64, further including instructions for further causing the system to: remove the license data from the license database in response to a determination that the license is invalid.
Example 72: The at least one machine-readable medium of Example 64, further including instructions for further causing the system to: request a license update via the machine after a predetermined period of time; and deactivate the device if the license update is invalid.
Example 73: A license management system including: a machine having a first security device configured to generate a first unique identifier, the machine being configured to receive a request for use of a licensed device; and a license server having a second security device configured to generate a second unique identifier; wherein the machine and the license server are configured to: in response to the request for use of the licensed device, establish a secure channel between the machine and the license server to determine whether license data associated with the licensed device is valid.
Example 74: The license management system of Example 73, wherein the security devices include software guard extension hardware or a trusted execution engine.
Example 75: The license management system of Example 73, further including: a first memory associated with the license server, the first memory being configured to store the license data in a license database associated with the license server; and a second memory associated with the machine, the second memory being configured to store the license data.
Example 76: The license management system of Example 75, wherein the license data includes an expiration time and one of the following: a MAC address, an IP address, and a hostname of the client operating the machine.
Example 77: The license management system of Example 76, wherein the machine is configured to: deactivate the device if the client time is after the expiration time.
Example 78: The license management system of Example 76, wherein the machine is configured to: stop the device if the license data in the license database does not match the license data stored in the machine.
Example 79: The license management system of Example 76, wherein the license server is configured to: remove the license data from the license database when the license is invalid.
Example 80: The license management system of Example 73, wherein the machine is configured to: request a license update after a predetermined period of time; and deactivate the device if the license update is invalid.
Although certain embodiments have been illustrated and described herein, those of ordinary skill in the art will appreciate that a wide variety of alternate and/or equivalent implementations may be substituted for the specific embodiments shown and described without departing from the scope of the embodiments of the disclosed technology. This application is intended to cover any adaptations or variations of the embodiments illustrated and described herein. Therefore, it is manifestly intended that the embodiments of the disclosed technology be limited only by the appended claims and their equivalents.
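The validity decisions listed in Examples 5 to 8, 32 and 59 to 62, worked through as an added example that is not code from the patent. The JSON record layout, the function and class names, the HMAC-SHA256 tag standing in for the protection the secure channel gives, the pre-provisioned secret and the injected clock (standing in for the secure clock) are all assumptions, and every value is constructed.

```python
import hashlib
import hmac
import json

BINDING_FIELDS = ("mac", "ip", "hostname")  # metadata the license data may be bound to

def channel_key(secret: bytes, machine_uid: bytes, server_uid: bytes) -> bytes:
    # Assumption: both security devices hold `secret`; the exchanged unique
    # identifiers are mixed in. Length prefixes keep the encoding unambiguous.
    msg = b"".join(len(p).to_bytes(2, "big") + p for p in (machine_uid, server_uid))
    return hmac.new(secret, msg, hashlib.sha256).digest()

def seal(key: bytes, record: dict) -> dict:
    body = json.dumps(record, sort_keys=True, separators=(",", ":"))
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}

def open_sealed(key: bytes, sealed: dict):
    expected = hmac.new(key, sealed["body"].encode(), hashlib.sha256).hexdigest()
    supplied = str(sealed.get("tag", ""))
    if not hmac.compare_digest(expected.encode(), supplied.encode()):
        return None  # body or tag was altered after the server sealed it
    return json.loads(sealed["body"])

class LicenseServer:
    def __init__(self, key: bytes, clock):
        self.key, self.clock, self.db = key, clock, {}

    def issue(self, device: str, metadata: dict, lifetime_s: int) -> dict:
        record = {"device": device, "expires": self.clock() + lifetime_s}
        record.update({f: metadata[f] for f in BINDING_FIELDS if f in metadata})
        self.db[device] = record  # license database copy
        return seal(self.key, record)

    def update_license(self, device: str, metadata: dict, lifetime_s: int):
        record = self.db.get(device)
        ok = (record is not None
              and self.clock() <= record["expires"]
              and all(metadata.get(f) == record[f] for f in BINDING_FIELDS if f in record))
        if not ok:
            self.db.pop(device, None)  # invalid license: remove it from the database
            return None                # stands for the "license is not valid" message
        return self.issue(device, metadata, lifetime_s)

def check_license(key, sealed, metadata, secure_now, server_record=None) -> str:
    """Machine-side decision: activate, deactivate or stop the device."""
    record = open_sealed(key, sealed)
    if record is None:
        return "invalid: integrity"
    bound = [f for f in BINDING_FIELDS if f in record]
    if not bound or any(metadata.get(f) != record[f] for f in bound):
        return "invalid: binding"       # license data copied to another machine
    if secure_now > record["expires"]:
        return "deactivate: expired"    # machine time is after the expiration time
    if server_record is not None and server_record != record:
        return "stop: mismatch"         # database copy differs from the stored copy
    return "active"

def demo() -> dict:
    now = [1_700_000_000]               # constructed clock value, advanced by hand
    clock = lambda: now[0]
    key = channel_key(b"constructed-secret", b"machine-uid-01", b"server-uid-01")
    server = LicenseServer(key, clock)
    vm = {"mac": "02:00:00:00:00:01", "ip": "192.0.2.10", "hostname": "vnf-a"}
    clone = dict(vm, mac="02:00:00:00:00:02")
    lic = server.issue("vnf-firewall", vm, 3600)
    out = {"fresh": check_license(key, lic, vm, clock(), server.db["vnf-firewall"])}
    out["clone"] = check_license(key, lic, clone, clock())
    forged = dict(lic, body=lic["body"].replace(str(now[0] + 3600), str(now[0] + 10**6)))
    out["forged"] = check_license(key, forged, vm, clock())
    now[0] += 1800                      # predetermined update interval elapses
    updated = server.update_license("vnf-firewall", vm, 3600)
    out["updated"] = check_license(key, updated, vm, clock(), server.db["vnf-firewall"])
    out["stale"] = check_license(key, lic, vm, clock(), server.db["vnf-firewall"])
    now[0] += 7200                      # well past the updated expiration time
    out["expired"] = check_license(key, updated, vm, clock())
    out["late_update"] = server.update_license("vnf-firewall", vm, 3600)
    out["still_in_db"] = "vnf-firewall" in server.db
    return out

if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:12} {verdict}")
```

The expiry comparison is only as trustworthy as the clock passed in as `secure_now`; a guest-controlled wall clock in that position would let a rolled-back machine time keep an expired license active.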

Claims (23)

1. A machine-controlled method for licensing a device in a cloud infrastructure, the method including:
establishing a secure channel between a machine and a license server;
requesting, via the machine, a license from the license server for activating the device;
exchanging license data between the license server and the machine over the established secure channel;
determining whether the license data is valid; and
activating the device in response to a determination that the license data is valid.
2. The machine-controlled method of claim 1, wherein the machine and the license server are each associated with a security device.
3. The machine-controlled method of claim 2, wherein the security devices include software guard extension hardware.
4. The machine-controlled method of claim 2, wherein the security devices include a trusted execution engine.
5. The machine-controlled method of claim 2, wherein the secure channel is established using the security devices.
6. The machine-controlled method of claim 1, further including:
storing the license data in a license database associated with the license server; and
storing the license data in the machine.
7. The machine-controlled method of claim 6, wherein the license data includes an expiration time and one of the following: a MAC address, an IP address, and a hostname of the client operating the machine.
8. The machine-controlled method of claim 7, further including: deactivating the device if the client time is after the expiration time.
9. The machine-controlled method of claim 7, further including: stopping the device if the license data in the license database does not match the license data stored in the machine.
10. The machine-controlled method of claim 7, further including: removing the license data from the license database in response to a determination that the license is invalid.
11. The machine-controlled method of claim 1, further including:
requesting a license update via the machine after a predetermined period of time; and
deactivating the device if the license update is invalid.
12. The machine-controlled method of claim 1, wherein the machine may be a virtual machine, a bare-metal machine, or a container.
13. A license management system, including:
a client device configured to access a machine in a cloud infrastructure using a licensed device;
a first security unit associated with the machine, the first security unit including a first unique identifier;
a license server configured to communicate with the machine; and
a second security unit associated with the license server, the second security unit including a second unique identifier;
wherein the first security unit and the second security unit are configured to establish a secure channel between the machine and the license server to determine whether license data associated with the licensed device is valid.
14. The license management system of claim 13, wherein the security devices include software guard extension hardware.
15. The license management system of claim 13, wherein the security devices include a trusted execution engine.
16. The license management system of claim 13, further including:
a first memory associated with the license server, the first memory being configured to store the license data in a license database associated with the license server; and
a second memory associated with the machine, the second memory being configured to store the license data.
17. The license management system of claim 16, wherein the license data includes an expiration time and one of the following: a MAC address, an IP address, and a hostname of the client operating the machine.
18. The license management system of claim 17, wherein the machine is configured to: deactivate the device if the client time is after the expiration time.
19. The license management system of claim 17, wherein the machine is configured to: stop the device if the license data in the license database does not match the license data stored in the machine.
20. The license management system of claim 17, wherein the license server is configured to: remove the license data from the license database when the license is invalid.
21. The license management system of claim 13, wherein the machine is configured to: request a license update after a predetermined period of time; and deactivate the device if the license update is invalid.
22. The license management system of claim 13, wherein the machine may be a virtual machine, a bare-metal machine, or a container.
23. The license management system of claim 13, wherein a random number generator is used to determine the first unique identifier.
CN201510817595.4A 2014-12-23 2015-11-23 Licensing in the cloud Active CN105718760B (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US14/581,742 US10289814B2 (en) 2014-12-23 2014-12-23 Licensing in the cloud
US14/581,742 2014-12-23

Publications (2)

Publication Number Publication Date
CN105718760A true CN105718760A (en) 2016-06-29
CN105718760B CN105718760B (en) 2018-11-13

Family

ID=56097732

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510817595.4A Active CN105718760B (en) 2014-12-23 2015-11-23 Licensing in the cloud

Country Status (4)

Country Link
US (3) US10289814B2 (en)
JP (2) JP6135022B2 (en)
CN (1) CN105718760B (en)
DE (1) DE102015118886A1 (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106059777A (en) * 2016-08-23 2016-10-26 浪潮电子信息产业股份有限公司 Design method for trusted middleware of cloud platform
WO2018120042A1 (en) * 2016-12-30 2018-07-05 华为技术有限公司 Credential distribution method and apparatus
CN108628658A (en) * 2017-03-17 2018-10-09 华为技术有限公司 A kind of licence managing method and device of container
US11507643B2 (en) 2014-12-23 2022-11-22 Intel Corporation Licensing in the cloud

Families Citing this family (16)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9817684B2 (en) * 2012-10-16 2017-11-14 Intel Corporation Cross-function virtualization of a telecom core network
US11017384B2 (en) 2014-05-29 2021-05-25 Apple Inc. Apparatuses and methods for using a primary user device to provision credentials onto a secondary user device
KR101746202B1 (en) * 2015-06-09 2017-06-12 주식회사 케이티 Method and apparatus for network function virtualization
WO2018068202A1 (en) * 2016-10-11 2018-04-19 Nokia Technologies Oy Virtualized network function security wrapping orchestration in the cloud environment
US10372419B2 (en) * 2017-04-18 2019-08-06 International Business Machines Corporation Trusted random number generation by a cloud server
US11641359B2 (en) * 2018-04-20 2023-05-02 Opera Norway As System for connecting computing devices
US11527331B2 (en) 2018-06-15 2022-12-13 Xact Laboratories, LLC System and method for determining the effectiveness of medications using genetics
US11398312B2 (en) 2018-06-15 2022-07-26 Xact Laboratories, LLC Preventing the fill of ineffective or under-effective medications through integration of genetic efficacy testing results with legacy electronic patient records
US11380424B2 (en) 2018-06-15 2022-07-05 Xact Laboratories Llc System and method for genetic based efficacy testing
US11227685B2 (en) 2018-06-15 2022-01-18 Xact Laboratories, LLC System and method for laboratory-based authorization of genetic testing
US11200300B2 (en) 2018-06-20 2021-12-14 Microsoft Technology Licensing, Llc Secure sharing of license data in computing systems
KR102201221B1 (en) * 2019-06-05 2021-01-12 주식회사 시큐아이 Network security device and license managing method of the network security device
US11586710B2 (en) * 2019-12-24 2023-02-21 Microsoft Technology Licensing, Llc System and method for protecting software licensing information via a trusted platform module
US11507356B2 (en) * 2020-07-22 2022-11-22 Nutanix, Inc. Multi-cloud licensed software deployment
CN112751832B (en) * 2020-12-18 2022-08-02 湖南麒麟信安科技股份有限公司 Online authorization authentication method, equipment and storage medium for virtual machine operating system
US11928521B2 (en) * 2021-04-17 2024-03-12 UiPath, Inc. Bring your own machine (BYOM)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1625726A (en) * 2002-02-01 2005-06-08 松下电器产业株式会社 License information exchange system
US20050251490A1 (en) * 1996-02-26 2005-11-10 Coley Christopher D Method for determining whether a client software application is licensed
US20070256144A1 (en) * 2006-04-27 2007-11-01 Hoffman Phillip M System and method for providing a mechanism to virtualize a perpetual, unique system identity on a partitioned computer system
CN102957666A (en) * 2011-08-19 2013-03-06 中兴通讯股份有限公司 License control method and license control system
US20140189346A1 (en) * 2012-12-28 2014-07-03 Next Education, Llc License server manager
US20140230024A1 (en) * 2013-02-13 2014-08-14 Hitachi, Ltd. Computer system and virtual computer management method

Family Cites Families (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPS5777273A (en) 1980-10-30 1982-05-14 Hino Motors Ltd Cabin tilting device for truck
JP4201566B2 (en) 2002-10-10 2008-12-24 三洋電機株式会社 Storage device and server device
JP4590282B2 (en) 2005-02-24 2010-12-01 キヤノン株式会社 License management apparatus, control method, and program
US8254579B1 (en) 2007-01-31 2012-08-28 Hewlett-Packard Development Company, L.P. Cryptographic key distribution using a trusted computing platform
US8332631B2 (en) * 2010-11-22 2012-12-11 Intel Corporation Secure software licensing and provisioning using hardware based security engine
JP5630237B2 (en) 2010-11-24 2014-11-26 株式会社リコー Electronics
US8683579B2 (en) 2010-12-14 2014-03-25 Microsoft Corporation Software activation using digital licenses
BR112013024215A2 (en) 2011-03-21 2016-12-20 Nokia Siemens Networks Oy software license control
US20140283090A1 (en) * 2013-03-15 2014-09-18 Jupiter Systems Licensing using a node locked virtual machine
US9342669B2 (en) * 2013-07-11 2016-05-17 Dialogic, Inc. Systems and methods of licensing and identification of virtual network appliances
US20150220927A1 (en) * 2013-09-25 2015-08-06 Ned M. Smith Method, apparatus and system for providing transaction indemnification
US9983894B2 (en) * 2013-09-25 2018-05-29 Facebook, Inc. Method and system for providing secure system execution on hardware supporting secure application execution
US10289814B2 (en) * 2014-12-23 2019-05-14 Intel Corporation Licensing in the cloud

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20050251490A1 (en) * 1996-02-26 2005-11-10 Coley Christopher D Method for determining whether a client software application is licensed
CN1625726A (en) * 2002-02-01 2005-06-08 松下电器产业株式会社 License information exchange system
US20120047205A1 (en) * 2002-02-01 2012-02-23 Masaya Yamamoto License information exchange system
US20070256144A1 (en) * 2006-04-27 2007-11-01 Hoffman Phillip M System and method for providing a mechanism to virtualize a perpetual, unique system identity on a partitioned computer system
CN102957666A (en) * 2011-08-19 2013-03-06 中兴通讯股份有限公司 License control method and license control system
US20140189346A1 (en) * 2012-12-28 2014-07-03 Next Education, Llc License server manager
US20140230024A1 (en) * 2013-02-13 2014-08-14 Hitachi, Ltd. Computer system and virtual computer management method

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11507643B2 (en) 2014-12-23 2022-11-22 Intel Corporation Licensing in the cloud
CN106059777A (en) * 2016-08-23 2016-10-26 浪潮电子信息产业股份有限公司 Design method for trusted middleware of cloud platform
CN106059777B (en) * 2016-08-23 2019-02-15 浪潮电子信息产业股份有限公司 Design method for trusted middleware of cloud platform
WO2018120042A1 (en) * 2016-12-30 2018-07-05 华为技术有限公司 Credential distribution method and apparatus
CN108628658A (en) * 2017-03-17 2018-10-09 华为技术有限公司 License management method and device for container
CN108628658B (en) * 2017-03-17 2022-04-05 华为技术有限公司 License management method and device for container

Also Published As

Publication number Publication date
US11507643B2 (en) 2022-11-22
DE102015118886A1 (en) 2016-06-23
JP6135022B2 (en) 2017-05-31
CN105718760B (en) 2018-11-13
JP6740166B2 (en) 2020-08-12
US10289814B2 (en) 2019-05-14
US20200074047A1 (en) 2020-03-05
JP2017152017A (en) 2017-08-31
US11775621B2 (en) 2023-10-03
JP2016119068A (en) 2016-06-30
US20230095881A1 (en) 2023-03-30
US20160180063A1 (en) 2016-06-23

Similar Documents

Publication Publication Date Title
CN105718760A (en) Licensing in the cloud
EP3556080B1 (en) Secure iot device update
CN102884535B (en) Protected device manages
US11256797B2 (en) Remote attestation for multi-core processor
US9047468B2 (en) Migration of full-disk encrypted virtualized storage between blade servers
US10402567B2 (en) Secure boot for multi-core processor
JP2009199530A5 (en)
BRPI0801772B1 (en) METHOD IMPLEMENTED BY COMPUTER, INFORMATION TREATMENT SYSTEM AND LEGIBLE STORAGE MEDIA BY COMPUTER
US9460272B2 (en) Method and apparatus for group licensing of device features
US20180285600A1 (en) Connected secure iot processor
KR20110068916A (en) Virtual bus device using management engine
CN103403732A (en) Processing method and device for input and output operation
CN104252377A (en) Virtualized host ID key sharing
EP3646224A1 (en) Secure key storage for multi-core processor
TW201626219A (en) Operating system agnostic validation of firmware images
WO2018217404A1 (en) Flash recovery mode
CN111414612A (en) Security protection method and device for operating system mirror image and electronic equipment
CN102542185B (en) The method and apparatus that software in sclerosis random access storage device is carried out
US10742412B2 (en) Separate cryptographic keys for multiple modes
CN111859379B (en) Processing method and device for protecting data model
CN110399719A (en) BIT file loading method, device, equipment and computer readable storage medium
CN105324774B (en) The method of the device of licensing procedure, program trading device and its licensing procedure
CN103617388B (en) A kind of implementation method with the secure operating system of process authentic authentication
Linthicum The evolution of cloud service governance
JP6079151B2 (en) System setting information updating apparatus, system setting information updating system, system setting information updating method, and system setting information updating program

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant